Cybersecurity Factory nurtures early-stage startups in a tough field

Cybersecurity startups are in an odd position. They’re in a white-hot area with interest driven by all the breaches dominating the headlines. But what company wants to beta test the latest security software by developers without a track record and who might not be around next year? There’s just a huge hurdle.

That’s why Highland Capital Partners is working with MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) and a cadre of mentors from tech companies to help two handpicked cybersecurity startups navigate that big, scary world.

The Cybersecurity Factory, announced in March, kicked off this week. It’s a sort of eight-week summer camp for newbie security companies at Highland Capital’s Cambridge offices, just down the street from MIT.

One of the selected companies, Oblivilock, is working on cryptographic technology to protect not just data, but the data about the data (metadata) sent to and stored in the cloud. The other, Aikicrypt, is focusing on strong encryption to ensure that customer data in the cloud remains safe even if the cloud servers themselves are attacked and compromised

To be sure there are other cybersecurity-focused accelerators and incubators, Mach37 in suburban Washington D.C. comes to mind, but that is for later-stage companies.

What these very young companies get is $20,000 to cover startup costs, office space and lots and lots of advice from mentors at companies including Akamai (AKAM), Qualys(QLYS), vArmour, Imprivata (IMPR), and others. They potentially can get another $200,000 investment from Highland down the road.

The goal is to give these novice entrepreneurs some structure and advice on building and pitching their products. Because customers are generally cautious about putting their IT systems in the hands of an untested company, it’s hard for enterprise software startups to get off the ground. Layering cybersecurity atop that makes it even harder, Yang told Fortune.

Consumer software startups still get funding relatively easily. Tinder for dogs, for example, is a real thing now. But it’s harder for security startups to get to that stage, she said.

From the Cybersecurity Factory blog post:

First of all, many security solutions are for enterprise rather than consumers. Finding enterprise clients requires developing a different kind of network than the ones academic researchers already have. Security startups also need to establish trust with their enterprise clients. Not only would they like to know the companies will be around to maintain the software in six months or a year, but they also need to trust that the companies are providing the services they claim to.

Yang, who just completed her Ph.D work at CSAIL knows from security. Much of her work focused on how developers can build security controls into software from the get-go rather than bolting it on after the fact.